From 8d6447d4966032fbd0d1b679570ca1e1fc94b88e Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@google.com>
Date: Thu, 29 Nov 2018 11:28:08 -0800
Subject: [PATCH] verifiers: Verify commands executed by grub

Pass all commands executed by GRUB to the verifiers layer. Most verifiers will
ignore this, but some (such as the TPM verifier) want to be able to measure and
log each command executed in order to ensure that the boot state is as expected.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/script/execute.c | 31 +++++++++++++++++--------------
 include/grub/verify.h      |  1 +
 2 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
index 488bc6bc8..9da5b10a5 100644
--- a/grub-core/script/execute.c
+++ b/grub-core/script/execute.c
@@ -28,6 +28,7 @@
 #include <grub/extcmd.h>
 #include <grub/i18n.h>
 #include <grub/tpm.h>
+#include <grub/verify.h>
 
 /* Max digits for a char is 3 (0xFF is 255), similarly for an int it
    is sizeof (int) * 3, and one extra for a possible -ve sign.  */
@@ -941,26 +942,29 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
   if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0])
     return grub_errno;
 
-  for (i = 0; i < argv.argc; i++) {
-	  cmdlen += grub_strlen (argv.args[i]) + 1;
-  }
+  for (i = 0; i < argv.argc; i++)
+    {
+      cmdlen += grub_strlen (argv.args[i]) + 1;
+    }
 
   cmdstring = grub_malloc (cmdlen);
   if (!cmdstring)
-  {
-	  return grub_error (GRUB_ERR_OUT_OF_MEMORY,
-			     N_("cannot allocate command buffer"));
-  }
+    {
+      return grub_error (GRUB_ERR_OUT_OF_MEMORY,
+			 N_("cannot allocate command buffer"));
+    }
 
-  for (i = 0; i < argv.argc; i++) {
-	  offset += grub_snprintf (cmdstring + offset, cmdlen - offset, "%s ",
-				   argv.args[i]);
-  }
-  cmdstring[cmdlen-1]= '\0';
+  for (i = 0; i < argv.argc; i++)
+    {
+      offset += grub_snprintf (cmdstring + offset, cmdlen - offset, "%s ",
+			       argv.args[i]);
+    }
+  cmdstring[cmdlen - 1] = '\0';
   grub_tpm_measure ((unsigned char *)cmdstring, cmdlen, GRUB_ASCII_PCR,
 		    "grub_cmd", cmdstring);
   grub_print_error();
-  grub_free(cmdstring);
+  grub_verify_string (cmdstring, GRUB_VERIFY_COMMAND);
+  grub_free (cmdstring);
   invert = 0;
   argc = argv.argc - 1;
   args = argv.args + 1;
@@ -1185,4 +1189,3 @@ grub_script_execute (struct grub_script *script)
 
   return grub_script_execute_cmd (script->cmd);
 }
-
diff --git a/include/grub/verify.h b/include/grub/verify.h
index 3d8f3e1a4..ea0491433 100644
--- a/include/grub/verify.h
+++ b/include/grub/verify.h
@@ -34,6 +34,7 @@ enum grub_verify_string_type
   {
     GRUB_VERIFY_KERNEL_CMDLINE,
     GRUB_VERIFY_MODULE_CMDLINE,
+    GRUB_VERIFY_COMMAND,
   };
 
 struct grub_file_verifier